I'm very new to computer forensics and I've been looking into learning as much as I can over the next few months. I'm currently working as an IT Security Analyst and wanted to know what information, books or certifications are suggested.

scucci wrote:I'm very new to computer forensics and I've been looking into learning as much as I can over the next few months. I'm currently working as an IT Security Analyst and wanted to know what information, books or certifications are suggested.

Thanks,

Scucci

You might check out the ECFI (EC-Council Certified Forensics Investigator) courses. It seems to fit along the lines of what you describe you are looking for.

I have to be honest, there is a lot of bias in the computer forensics industry. Consulting companies prefer to hire ex-law-enforcement for forensics positions. I can certainly understand why. While you can go to EnCase or FTK training, you don't pick up investigative experience in the process. Cops and Feds always begin as regular agents / detectives before they become computer forensics investigators.

Having said that, it is possible. Part of my current role is computer forensics. I would never want to be a full time investigator, because it is quite boring work most of the time. It is certainly not as glamorous as it appears on TV. Another issue with private sector computer forensics is that you are not really working on cases that will directly "help people." Most cases are Intellectual Property or Employment related, and are quite characteristic of our suit-happy society.

Now that I got that out of the way I would agree on going to Beginner and Intermediate EnCase training. This is expensive and is easier to swallow if your employer pays for it. Your best certification for private sector forensics is CCE. If you live in United States, CCE may actually be required, together with a PI license in your state, and possible soon to be in all states.

Since you are coming from the InfoSec world, you can transition into incident response and analysis fairly quickly. Consider searching for a company that specializes in this, and also does something similar to your present role. Moving within a firm is much easier then coming in as an entry-level forensics analyst.

The best markets for private sector computer forensics are DC, NYC, and the West Coast. There are others, but nowhere as saturated as these. You may also want to check USAJOBS.com for computer forensics work. The site publishes civilian job ops for government agencies. You could also consider going in as an agent into the FBI, Secret Service, INS, etc. While starting salaries tend to be mediocre, you quickly ramp up to six figures (5-8 years). It tends to flatten out after that.

One thing you can consider is going into e-discovery first. E-discovery is less rigid and requires less investigative experience. It's a good stepping stone into forensics.